So, I wrote my first script in Python that actually does something useful enough that I thought I’d share it.

For my IDS class, we have the final today. I’m actually taking it right now, since I set this to autopost while I’m there. For the class we have to compile Snort, Pulledpork, and Barnyard2, set up some basic Snort rules to alert based on what he gives us in class, and run it all to prove it works. We can use notes for this test, so I jokingly asked if I could write a Python script to do all this for me.

The instructor, Mike Masino, said if I did it, he’d even give me extra credit.

As Redditors would say, “Challenge Accepted.”

Before the real Python programmers start yelling because they skipped ahead, it’s not very Pythonic. It’s kludgy, and has poor string handling in places. I used two recipes I grabbed elsewhere (for input validation), one of which has code that I didn’t end up using, and I haven’t cleaned it up yet. (The third piece of input validation I did, in fact, write myself based off those two.) I haven’t got a good handle on classes, and make more errors when I try, so I didn’t use them here. Still, it works!

So, here’s Longpork, a Python script that installs Snort, Pulledpork, and Barnyard2, and does some basic setup for you. It asks for a few things along the way (Oinkcode!), and has a breakdown that asks for things to write some Snort rules for you.
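To show what the "breakdown that asks for things to write some Snort rules for you" part can look like with proper input validation, here is an added example of my own. It is not the Longpork script and not the recipes it borrows; every field is checked before it is turned into a rule line, local rules are kept in the SID range Snort reserves for them (1,000,000 and up), and the finished rule is appended to a file named local.rules (the path, the function names and the prompts are my own assumptions).

```python
"""Build Snort rules from validated answers and append them to local.rules."""
import ipaddress
import re
import sys

ACTIONS = ("alert", "log", "pass", "drop", "reject", "sdrop")
PROTOCOLS = ("tcp", "udp", "icmp", "ip")
DIRECTIONS = ("->", "<>")
SNORT_VARS = ("any", "$HOME_NET", "$EXTERNAL_NET")   # variables defined in snort.conf
LOCAL_SID_MIN = 1_000_000   # SIDs below 1,000,000 are reserved for distributed rule sets
RULES_FILE = "local.rules"  # assumed location of the local rules file


def validate_choice(value, allowed, what):
    """Accept only a value from a fixed list (action, protocol, direction)."""
    value = value.strip().lower()
    if value not in allowed:
        raise ValueError(f"bad {what} {value!r}: choose one of {', '.join(allowed)}")
    return value


def validate_address(value):
    """Accept 'any', a snort.conf variable, a single IP, or a CIDR block."""
    value = value.strip()
    if value in SNORT_VARS:
        return value
    try:
        ipaddress.ip_network(value, strict=False)
    except ValueError:
        raise ValueError(f"bad address {value!r}: use any, $HOME_NET, an IP or a CIDR block")
    return value


def validate_port(value):
    """Accept 'any', a single port, or a low:high range within 0-65535."""
    value = value.strip()
    if value == "any":
        return value
    match = re.fullmatch(r"(\d{1,5})(?::(\d{1,5}))?", value)
    if not match:
        raise ValueError(f"bad port {value!r}: use any, 22, or 1024:65535")
    low = int(match.group(1))
    high = int(match.group(2)) if match.group(2) else low
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port range {value!r}")
    return value


def validate_msg(value):
    """The msg option must not be empty."""
    value = value.strip()
    if not value:
        raise ValueError("msg must not be empty")
    return value


def validate_sid(value):
    """Local rules must use SIDs of 1,000,000 or higher."""
    sid = int(value)
    if sid < LOCAL_SID_MIN:
        raise ValueError(f"sid {sid} is reserved; use {LOCAL_SID_MIN} or higher")
    return sid


def escape_option(text):
    """Backslash, double quote and semicolon must be escaped inside option strings."""
    for ch in ("\\", '"', ";"):          # backslash first so later escapes stay intact
        text = text.replace(ch, "\\" + ch)
    return text


def build_rule(action, proto, src, sport, direction, dst, dport, msg, sid, rev=1, content=None):
    """Validate every field and return a single Snort rule line."""
    action = validate_choice(action, ACTIONS, "action")
    proto = validate_choice(proto, PROTOCOLS, "protocol")
    direction = validate_choice(direction, DIRECTIONS, "direction")
    src, dst = validate_address(src), validate_address(dst)
    sport, dport = validate_port(sport), validate_port(dport)
    options = [f'msg:"{escape_option(validate_msg(msg))}"']
    if content:
        options.append(f'content:"{escape_option(content)}"')
    options += [f"sid:{validate_sid(sid)}", f"rev:{int(rev)}"]
    return f"{action} {proto} {src} {sport} {direction} {dst} {dport} ({'; '.join(options)};)"


def append_rules(rules, path=RULES_FILE):
    """Append rule lines to the rules file and return how many were written."""
    with open(path, "a") as fh:
        for rule in rules:
            fh.write(rule + "\n")
    return len(rules)


def ask(prompt, validator, *args):
    """Keep asking until the answer passes validation."""
    while True:
        try:
            return validator(input(prompt), *args)
        except ValueError as err:
            print(err, file=sys.stderr)


if __name__ == "__main__":
    # Interactive breakdown: one validated answer per rule field, then write the rule.
    answers = [ask(p, v, *a) for p, v, *a in (
        ("Action (alert/log/pass/drop): ", validate_choice, ACTIONS, "action"),
        ("Protocol (tcp/udp/icmp/ip): ", validate_choice, PROTOCOLS, "protocol"),
        ("Source address: ", validate_address),
        ("Source port: ", validate_port),
        ("Direction (-> or <>): ", validate_choice, DIRECTIONS, "direction"),
        ("Destination address: ", validate_address),
        ("Destination port: ", validate_port),
        ("Message: ", validate_msg),
        ("SID (1000000 or higher): ", validate_sid),
    )]
    rule = build_rule(*answers)
    print(rule)
    append_rules([rule])
```

Running it and answering the prompts produces a line such as `alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH connection attempt"; sid:1000001; rev:1;)`, which you then include from snort.conf in the usual way; the escaping step matters because a stray `;` or `"` typed into a message would otherwise break the rule file for every rule after it.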

If you don’t know how to actually use Snort, this won’t be super helpful. It’ll get a basic install going, sure, but you need to know how to read the output, and change other variables in the snort.conf, to really do anything useful with it.

If you’ve always wanted to try Snort out, this might be good for you. Whatever gets messed up, you can figure out how to fix, but the script does some of the heavy lifting (installing required packages, compiling) for you, so you can get right to trying out rules and stuff.

I’ve only been learning Python in my spare time for a few months, and was only a poor Perl scripter before that. If you have any tips for me, please comment!

It’s been tested on Ubuntu 10.10 and 11.04. Should work fine on 10.04. Might work on anything else that uses Aptitude. Anything else, it’ll be a broken mess.

So, if you can use this thing, go for it.



~ by Benjamin Kenneally on May 9, 2011.
